The term “malicious code” in this application refers to any type of computer software that causes harm to a computer system. Malicious code may be contained in an electronic file (referred to as a content hereinafter) such as application software, an audio file, a video file, or a Portable Document Format (PDF) document, and the computer system may unknowingly obtain such a content from an affected website through so-called drive-by downloading.
Drive-by downloading is the unintended downloading of malicious code from an external source such as the Internet. In the past few years, drive-by downloading attacks, which exploit browser vulnerabilities, have become a major avenue for attackers to take control of a benign computer. A download of malicious code usually happens without the computer owner's knowledge. The “supplier” of the malicious code may claim that the owner “consented” to the download, but the owner is actually unaware of it. Afterwards, executing the malicious code invokes an application, which then carries out its nefarious purposes. Normally, a mere visit to a malicious website can lead to the download and subsequent execution of the malicious code on the visiting computer. Unfortunately, most malicious code is obfuscated and difficult to detect.